Commit Graph

120 Commits

Author SHA1 Message Date
elad 7651cb0554 Put back break mistakenly removed in previous commit. 2006-11-24 01:13:11 +00:00
elad a84fee7faf Initial implementation of PaX Segvguard (this is still work-in-progress,
it's just to get it out of my local tree).
2006-11-22 02:02:51 +00:00
elad 156f4ce7bb Make PaX MPROTECT use specificdata(9), freeing up two P_* flags.
While here, make more generic for upcoming PaX features.
2006-11-22 00:41:38 +00:00
yamt 1a7bc55dcc remove some __unused from function parameters. 2006-11-01 10:17:58 +00:00
christos 4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
ad f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
elad 56a6a2b09b don't break lkms; pointed out by hannken@ and he@, thanks! 2006-05-18 17:35:49 +00:00
elad 04d63f90b5 Introduce PaX MPROTECT -- mprotect(2) restrictions used to strengthen
W^X mappings.

Disabled by default.

First proposed in:

	http://mail-index.netbsd.org/tech-security/2005/12/18/0000.html

More information in:

	http://pax.grsecurity.net/docs/mprotect.txt

Read relevant parts of options(4) and sysctl(3) before using!

Lots of thanks to the PaX author and Matt Thomas.
2006-05-16 00:08:24 +00:00
elad 215bd95ba4 integrate kauth. 2006-05-14 21:15:11 +00:00
skrll 75eb73218c KNF 2006-03-17 11:03:07 +00:00
erh 8e641f354a Found by coverity issue 887. Check for NULL before using base_ph so
an interpreter that does not have PT_LOAD in the program header doesn't
crash the system.
2006-03-17 08:51:35 +00:00
yamt 5a3e361753 for some random places, use PNBUF_GET/PUT rather than
- on-stack buffer
	- malloc(MAXPATHLEN)
2006-02-04 12:09:50 +00:00
christos 95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
simonb 4beb6d8640 Add a hack to deal with MIPS relocatable shared-linker problem on
COMPAT_16 and earlier that results in a current shared linker running at
address 0 (and thus allows NULL pointer derefs to work).

As noted by Matthias Drochner, this "fix" just checks the first psection
and not the first loadable psection.  This isn't a problem with the
binutils up to now, but might be in the future.
2005-10-07 08:33:10 +00:00
junyoung 06e730ed76 More cosmetic changes. 2005-07-17 23:53:57 +00:00
junyoung a226b79f42 Make code prettier. 2005-07-17 23:49:49 +00:00
christos efb6943313 - add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
2005-05-29 22:24:14 +00:00
fvdl c487efe4a7 Fix some things regarding COMPAT_NETBSD32 and limits/VM addresses.
* For sparc64 and amd64, define *SIZ32 VM constants.
* Add a new function pointer to struct emul, pointing at a function
  that will return the default VM map address. The default function
  is uvm_map_defaultaddr, which just uses the VM_DEFAULT_ADDRESS
  macro. This gives emulations control over the default map address,
  and allows things to be mapped at the right address (in 32bit range)
  for COMPAT_NETBSD32.
* Add code to adjust the data and stack limits when a COMPAT_NETBSD32
  or COMPAT_SVR4_32 binary is executed.
* Don't use USRSTACK in kern_resource.c, use p_vmspace->vm_minsaddr
  instead (emulations might have set it differently)
* Since this changes struct emul, bump kernel version to 3.99.2

Tested on amd64, compile-tested on sparc64.
2005-03-26 05:12:34 +00:00
mycroft b9c71ccc7a Copyright maintenance. 2005-03-02 11:05:34 +00:00
perry da8abec863 nuke trailing whitespace 2005-02-26 21:34:55 +00:00
christos a9fed9480a Allow 32K instead of 1K of section headers. Solaris opera binary has 15K
section headers. We only allocate memory for those headers on compat_linux
and compat_ibcs2 while we probe, and although 32K is not such a big number,
we could fix the code in those two places to read section-by-section instead
of all the sections at once as it does now, if we really felt like it.
2005-02-07 00:12:49 +00:00
skrll 59abd634ef We emulate more than SVR4, and IBCS2 on the i386 and Linux on the i386
and the Alpha there days. Remove this statement in a comment.
2004-10-30 09:38:15 +00:00
jdolecek 41405858b3 bump the number of allowed sections to 1024; e.g. SuSE 9.1 packaged
Mozilla 1.6 has 726 sections
2004-08-01 22:16:19 +00:00
thorpej d76fa360ef Back out >2 PT_LOAD changes from rev 1.96. They cause older GCC3-compiled
PowerPC binaries to fail.  The compiler has since been fixed, but
compatibility with older binaries needs to be maintained.

PR kern/23758.
2004-01-07 16:42:53 +00:00
chs 291c877a9c add support for more than 2 PT_LOAD sections. from OpenBSD. 2003-12-07 02:18:53 +00:00
drochner f1aa108dd8 -fix ELF_INTERP_NON_RELOCATABLE:
-obey ELF_LINK_ADDR in ELF_load_file()
 -set ELF_LINK_ADDR in the probe() function if needed
-make ELF_NULL_ADDR the default, so that probe() functions dont need
 to set it explicitely
-allocate buffer for interpreter name only if needed
2003-10-31 14:00:52 +00:00
christos c3c2f78f98 GC: exec_foo_setup_stack; use exec_setup_stack, and provide a way for
emulations to override it.
2003-08-08 18:53:13 +00:00
manu d41feb61a6 Make elf{32|64}_check_header public, as it will be used by irix_elf32_probe.
While we are there, cut to 80 chars, and ANSIfy prototypes
2003-08-06 01:02:26 +00:00
fvdl d5aece61d6 Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
2003-06-29 22:28:00 +00:00
darrenr 960df3c8d1 Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records.  The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
2003-06-28 14:20:43 +00:00
christos a378776e5a Limit the number of program headers we accept to avoid resource exhaustion
by a hand-crafted elf binary.
2003-06-25 13:48:06 +00:00
matt 6c3a6223d4 If we are doing TOPDOWN, we want to truncate the address downwards. If not,
we want to round the address upwards.  I hope this is the last change.
2003-03-01 05:55:51 +00:00
matt ad22a09f59 Make sure that the initial address is aligned correctly. Note that before
this alignment would have been backward into the dataspace covered by
MAXDSIZ.  Now the alignment is done forward.  XXX  It is expected that
in the TOPDOWN case, VM_DEFAULT_ADDRESS will make sure any address it
returns has the proper alignment for that architecure.
2003-02-28 19:44:42 +00:00
matt 261ba66908 When aligned to > PAGE_SIZE boundary, don't map any pages before where the
psection starts.  Allocate unused VA space between psections as unreadable.
2003-02-28 19:09:08 +00:00
matt f34e724286 Remove MAXDSIZ since VM_DEFAULT_ADDRESS adds it. Sigh. It was correct. 2003-02-28 00:11:14 +00:00
matt e39f39ac47 Note only trunc_page the psection vaddr, but truncate it accordoring to its
psection alignment.  XXX If the psection alignment is greater than the page
alignment, extra pages may be mapped that will never be needed.  This is
inefficient and wasteful of swap space and needs to be fixed.
2003-02-27 23:48:29 +00:00
matt 0731ed5a3d Fix a c&p bug when moving VM_DEFAULT_ADDRESS. (restore MAXDSIZ) 2003-02-27 23:10:52 +00:00
matt bc859d628d Remove VMCMD_TOPDOWN since it's no longer. Redo my last rework. Move
VM_DEFAULT_ADDRESS from elf*_makecmds to elf*_load_file.  In load_file,
actually determine ahead of time how much space will be needed and pass
that to VM_DEFAULT_ADDRESS.  Now we have a relatistic starting address
so we can do the loading of psections normally with no extra topdown
code in load_psection.  Also, if there is a gap in betweeen psections
zero map an inaccessible region between (just like ld.elf_so does) to
avoid inadvertant mmaps in the gap.
2003-02-27 01:58:56 +00:00
matt 9c3775aadf Make elf32 load_file work properly with TOPDOWN by mapping psections in
reverse order.  Remove TOPDOWN support from VMCMDs since elf32 does the
right stuff now.  With these changes, VAX can now use TOPDOWN.
2003-02-26 21:18:22 +00:00
matt b411ef736c In topdown mode, subtract the page rounded memory size of the psection,
not the rounded file size.  Otherwise if BSS needs more pages beyond
data you'll extend too far.
2003-02-21 03:53:43 +00:00
atatat df0a9badc6 Introduce "top down" memory management for mmap()ed allocations. This
means that the dynamic linker gets mapped in at the top of available
user virtual memory (typically just below the stack), shared libraries
get mapped downwards from that point, and calls to mmap() that don't
specify a preferred address will get mapped in below those.

This means that the heap and the mmap()ed allocations will grow
towards each other, allowing one or the other to grow larger than
before.  Previously, the heap was limited to MAXDSIZ by the placement
of the dynamic linker (and the process's rlimits) and the space
available to mmap was hobbled by this reservation.

This is currently only enabled via an *option* for the i386 platform
(though other platforms are expected to follow).  Add "options
USE_TOPDOWN_VM" to your kernel config file, rerun config, and rebuild
your kernel to take advantage of this.

Note that the pmap_prefer() interface has not yet been modified to
play nicely with this, so those platforms require a bit more work
(most notably the sparc) before they can use this new memory
arrangement.

This change also introduces a VM_DEFAULT_ADDRESS() macro that picks
the appropriate default address based on the size of the allocation or
the size of the process's text segment accordingly.  Several drivers
and the SYSV SHM address assignment were changed to use this instead
of each one picking their own "default".
2003-02-20 22:16:05 +00:00
atatat 7a8e4b4bc4 Two small changes to the ELF exec code:
(1) ELFNAME(load_file)() now takes a pointer to the entry point
offset, instead of taking a pointer to the entry point itself.  This
allows proper adjustment of the ultimate entry point at a higher level
if the object containing the entry point is moved before the exec is
finished.

(2) Introduce VMCMD_FIXED, which means the address at which a given
vmcmd describes a mapping is fixed (ie, should not be moved).  Don't
set this for entries pertaining to ld.so.

Also some minor comment/whitespace tweaks.
2003-01-30 20:03:46 +00:00
simonb d446cbf4ee Remove variable that is only assigned too but not referenced. 2003-01-19 22:52:11 +00:00
jdolecek cedc87712e ELF copyargs: at the time this is executed, process's ucred doesn't
contain the new uid/gid for suid/sgid binaries yet; determine AT_EUID
and AT_EGID by checking executed program vnode attributes in this case
2002-11-13 15:49:44 +00:00
chs 993948e989 count executable image pages as executable for vm-usage purposes.
also, always do the VTEXT vs. v_writecount mutual exclusion
(which we previously skipped if the text or data segment was empty).
2002-10-05 22:34:02 +00:00
junyoung 8b656df79c Remove unnecessary code. 2002-10-04 03:17:37 +00:00
provos 0f09ed48a5 remove trailing \n in panic(). approved perry. 2002-09-27 15:35:29 +00:00
mycroft 30d477000a The entry point address for the interpreter must be adjusted by the text
section VMA on all platforms.  It just happens to 0 normally on everything but
MIPS.
2002-09-12 16:57:44 +00:00
christos fea7af3bbe - Implement passing AT_{R,E}{U,G}ID in the elf aux vector.
- Pass struct proc to copyargs
- fix svr4_copyargs functions
2002-08-26 21:07:38 +00:00
simonb 4c67158999 Use "#ifdef __mips__" instead of "#ifdef mips"; shared libraries work
for kernels compiled with gcc 3.x.
2002-06-03 13:07:00 +00:00